From 314202fed1a9344810e8d56c39aa7b63deffc4b8 Mon Sep 17 00:00:00 2001
From: IlluminatiFish <45714340+IlluminatiFish@users.noreply.github.com>
Date: Wed, 20 Dec 2023 17:54:39 +0000
Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=80Create=20IOK:=20coinbase-69638f20?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Create coinbase-69638f20.yml
---
 indicators/coinbase-69638f20.yml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 indicators/coinbase-69638f20.yml

diff --git a/indicators/coinbase-69638f20.yml b/indicators/coinbase-69638f20.yml
new file mode 100644
index 00000000..3ee2d20d
--- /dev/null
+++ b/indicators/coinbase-69638f20.yml
@@ -0,0 +1,22 @@
+title: Coinbase Phishing Kit 69638f20
+description: |
+    A Coinbase Phishing Kit asking the user to enter their
+    12-word seed phrase. 
+    This kit seems to be exclusively deployed on Glitch.
+
+references:
+  - https://urlscan.io/result/69638f20-d983-4d53-9ec5-21955f96b0ae
+  - https://urlscan.io/search/#filename:%22cb675.png%22
+  
+detection:
+
+    pageTitle:
+        title: "info"
+
+    coinbaseLogo:
+        requests|contains: "i.postimg.cc/zG3nVT0g/cb675.png"
+
+    inputBoxName:
+        dom|contains: "newmh78"
+
+    condition: pageTitle and coinbaseLogo and inputBoxName